RSA HTML Reference

The BXA were quoted by Peter Junger, in a written reply to his
questions to them about what he can &QUOT;export&QUOT; in teaching his
law class about export controls:

&GT; &QUOT;While the use of html links by a person might, in some
&GT; applications, involve an export . . . we reiterate that the activity
&GT; described by your submission is not an export activity that is subject
&GT; to the EAR and would also not constitute conduct prohibited by Section
&GT; 744.9 of the EAR.&QUOT;

Antonomasia speculated on cypherpunks thusly:

&GT; I think a mere pointer is not an export, no matter what it points to,
&GT; but a link with prohibited smuggled _content_ might be:
&GT;
&GT; &LT;A HREF="http://www.cypherspace.org/~adam/print pack&QUOT;C*&QUOT;,split/\D+/,echo.....
&GT;
&GT; although the quoting would probably take a lot of thought.
&GT;
&GT; Perhaps that's the kind of thing they mean ?

So the challenge is set, can we create an html HREF to a link where the
link's name is a non-exportable program, and can we simulatneously persuade
a unix shell to create a series of funny named directories, and file which
is a non exportable program, and will the web server and web browser be
willing to serve/request this file.

Lets find out...

Creating the file

My prompt is aba:cwd/ where cwd is the current working
directory, my prompt is shown below in bold typewriter
font, comments are in italics, commands and computer output are
in normal typewriter font. I use tcsh, which means I was
pressing the TAB key rather than constructing all those quoted symbols
manually.

Creating the HREF

Rather than work out manually how to quote all those characters, move the
file into a new directory without an index.html file. As there is no index
file, I let the browser do the rest for me by then viewing the directories
by clicking on the funny named directories in the browser, till I got to the
file. Then I cut and pasted the full quoted URL from the URL box in
netscape.

&GT; However... I do take your point that the code contains some naughty
&GT; characters which mean that you need to use %xx to allow it to be a
&GT; valid URL.
&GT;
&GT; Challenge #2 then is can we change the code so that it no longer has
&GT; any naughty characters and hence works without quoting, in such a way
&GT; that it still works as perl! Hmm...

So the next challenge then is to create a link which doesn't have any
characters which the URL spec requires to be quoted, had to break this
up with /s because otherwise we were going over the limit on
filenames on SunOS4.x (which is what the webserver at dcs is running).

Have you exported RSA today?
However, it's not nearly so readable. And it's longer. I really don't
think I can do it readable as well. (The approach above being to
hexadecimal encode the program, and make the new program unhex decode that,
and eval it, which means it will decode and run transparently each time you
use it).

(The trailing ,$ is needed to make the code still executable
in the presence of the trailing /. This means it's safe even
if people use a trailing / after the directory name. We want
to create a directory so that we can put an index.html in it, and have
a browser recognize it as html, otherwise it wouldn't end in .html,
and you would get to view the HTML source).